[Vulnerability Notice] CVE-2021-24122 Apache Tomcat Information Disclosure Vulnerability

Published: 2021-01-15

0x00 Vulnerability Overview

CVE ID: CVE-2021-24122

Time: 2021-01-15

Type: Information disclosure

Severity: Critical

Remotely exploitable: Yes

Affected scope:


 

0x01 Vulnerability Details


Affected scope

Apache Tomcat 10.0.0-M1-10.0.0-M9

Apache Tomcat 9.0.0.M1-9.0.39

Apache Tomcat 8.5.0-8.5.59

Apache Tomcat 7.0.0-7.0.106

 

0x02 Remediation Recommendations

Tomcat has now fixed this vulnerability. Upgrading to one of the following versions is recommended:

Apache Tomcat 10.0.0-M10 or later

Apache Tomcat 9.0.40 or later

Apache Tomcat 8.5.60 or later

Apache Tomcat 7.0.107 or later

Download link:

https://tomcat.apache.org/
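
An added example, not part of the original advisory: a Python check that classifies a Tomcat version string against the affected ranges and fixed versions listed above, including the milestone (M) builds. The function names and the sample inventory are constructed for illustration; a branch the advisory does not list is reported as "not-listed", not as safe.

```python
import re

# Affected ranges as listed in the advisory (inclusive on both ends).
AFFECTED_RANGES = [
    ("10.0.0-M1", "10.0.0-M9"),
    ("9.0.0.M1", "9.0.39"),
    ("8.5.0", "8.5.59"),
    ("7.0.0", "7.0.106"),
]

# Accepts "9.0.39", "9.0.0.M1", "10.0.0-M9", with an optional
# "Apache Tomcat/" prefix as it appears in the server banner.
_VERSION_RE = re.compile(r"^(?:Apache Tomcat/)?(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def version_key(version):
    """Turn a Tomcat version string into a tuple that sorts in release order."""
    match = _VERSION_RE.match(version.strip())
    if match is None:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch = (int(match.group(i)) for i in (1, 2, 3))
    # Milestone builds (M<n>) precede the final release of the same x.y.z,
    # so they get a lower fourth element than a plain release.
    if match.group(4) is not None:
        return (major, minor, patch, 0, int(match.group(4)))
    return (major, minor, patch, 1, 0)


def classify(version):
    """Return 'affected', 'fixed' or 'not-listed' for one version string."""
    key = version_key(version)
    for low, high in AFFECTED_RANGES:
        if version_key(low) <= key <= version_key(high):
            return "affected"
        # Same major.minor branch but newer than the last affected build.
        if key[:2] == version_key(high)[:2] and key > version_key(high):
            return "fixed"
    return "not-listed"


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for sample in ["Apache Tomcat/9.0.39", "9.0.40", "10.0.0-M9", "10.0.0-M10", "8.0.53"]:
        print(f"{sample:24} {classify(sample)}")
```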

 

0x03 Reference Links

https://tomcat.apache.org/security-10.html

http://mail-archives.apache.org/mod_mbox/www-announce/202101.mbox/%3Cf3765f21-969d-7f21-e34a-efc106175373@apache.org%3E

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122

 

0x04 Timeline

2021-01-14  Apache released its security advisory

2021-01-15  VSRC released its security advisory

 

0x05 Appendix

 

Official website of the CVSS scoring standard: http://www.first.org/cvss/